package com.ruoyi.framework.web.service;

import javax.annotation.Resource;

import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.enums.LzmxEnum;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.modules.service.TRwbService;
import com.ruoyi.system.mapper.SysUserMapper;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import com.ruoyi.common.constant.CacheConstants;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.redis.RedisCache;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.exception.user.BlackListException;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserNotExistsException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.framework.security.context.AuthenticationContextHolder;
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysUserService;

import java.util.*;

/**
 * 登录校验方法
 * 
 * @author ruoyi
 */
@Slf4j
@Component
public class SysLoginService
{
    @Autowired
    private TokenService tokenService;

    @Resource
    private AuthenticationManager authenticationManager;

    @Autowired
    private RedisCache redisCache;
    
    @Autowired
    private ISysUserService userService;

    @Autowired
    private ISysConfigService configService;

    @Autowired
    private TRwbService tRwbService;

    @Autowired
    private SysPermissionService permissionService;

    @Autowired
    private TRwbService trwbService;
    @Autowired
    private SysUserMapper sysUserMapper;

    /**
     * 登录验证
     * 
     * @param username 用户名
     * @param password 密码
     * @param code 验证码
     * @param uuid 唯一标识
     * @return 结果
     */
    public String login(String username, String password, String code, String uuid)
    {
        // 验证码校验
        validateCaptcha(username, code, uuid);
        // 登录前置校验
        loginPreCheck(username, password);
        // 用户验证
        Authentication authentication = null;
        try
        {
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
            AuthenticationContextHolder.setContext(authenticationToken);
            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
            authentication = authenticationManager.authenticate(authenticationToken);
        }
        catch (Exception e)
        {
            if (e instanceof BadCredentialsException)
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                throw new UserPasswordNotMatchException();
            }
            else
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                throw new ServiceException(e.getMessage());
            }
        }
        finally
        {
            AuthenticationContextHolder.clearContext();
        }
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        recordLoginInfo(loginUser.getUserId());
        // 生成token
        return tokenService.createToken(loginUser);
    }

    /**
     * 企业微信登录验证
     *
     * @param jsonCode
     * @return 结果
     */
    public AjaxResult wxLogin(String jsonCode)
    {
        AjaxResult ajax;
        log.debug("res {} " , jsonCode);
        JSONObject jsonCodeObject= JSONObject.parseObject(jsonCode);
        JSONObject codeObject = jsonCodeObject.getJSONObject("code");
        log.debug("codeObject {} " , codeObject);
        String code = codeObject.getString("code");
        log.debug("code {} " , code);
        if (StringUtils.isEmpty(code)){
            ajax = AjaxResult.error("获取code失败！");
            return ajax;
        }
        String getTokenUrl = "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=ww7555960e312add1f&corpsecret=Om6_qbDc72JMsYQ6Ss-ffgGhYMa4UcbEEze_1ahWIh4";
        String tokenRes = HttpUtil.get(getTokenUrl);
        log.debug("tokenRes {} " , tokenRes);
        JSONObject accessToken= JSONObject.parseObject(tokenRes);
        String access_token = accessToken.getString("access_token");
        log.debug("access_token {} " , access_token);
        if (StringUtils.isEmpty(access_token)){
            ajax = AjaxResult.error("获取access_token失败！");
            return ajax;
        }
        String getUserInfoUrl = "https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token="+access_token+"&code="+code;
        String userInfoRes = HttpUtil.get(getUserInfoUrl);
        log.debug("userInfoRes {} " , userInfoRes);
        JSONObject userInfo = JSONObject.parseObject(userInfoRes);
        int errCode  = userInfo.getIntValue("errcode");
        log.debug("errCode {} " , errCode);
        if(0 == errCode){
            String userid = userInfo.getString("userid");
            log.debug("userid {} " , userid);
            if (StringUtils.isNotEmpty(userid)){
                Map<String, Object> body = new HashMap<>();
                List list = new ArrayList<>();
                list.add(userid);
                body.put("userid_list", list);
                String openUserId = tRwbService.getOpenUserId(body);
                ajax = AjaxResult.success();
                ajax.put("userid", openUserId);
            }else{
                ajax = AjaxResult.error("非企业成员！");
            }
        }else{
            ajax = AjaxResult.error("获取访问用户信息失败！");
        }
        log.debug("ajax {} " , ajax);
        return ajax;
    }


    /**
     * 校验验证码
     * 
     * @param username 用户名
     * @param code 验证码
     * @param uuid 唯一标识
     * @return 结果
     */
    public void validateCaptcha(String username, String code, String uuid)
    {
        boolean captchaEnabled = configService.selectCaptchaEnabled();
        if (captchaEnabled)
        {
            String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, "");
            String captcha = redisCache.getCacheObject(verifyKey);
            redisCache.deleteObject(verifyKey);
            if (captcha == null)
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
                throw new CaptchaExpireException();
            }
            if (!code.equalsIgnoreCase(captcha))
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
                throw new CaptchaException();
            }
        }
    }

    /**
     * 登录前置校验
     * @param username 用户名
     * @param password 用户密码
     */
    public void loginPreCheck(String username, String password)
    {
        // 用户名或密码为空 错误
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password))
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("not.null")));
            throw new UserNotExistsException();
        }
        // 密码如果不在指定范围内 错误
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH)
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
            throw new UserPasswordNotMatchException();
        }
        // 用户名不在指定范围内 错误
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH)
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
            throw new UserPasswordNotMatchException();
        }
        // IP黑名单校验
        String blackStr = configService.selectConfigByKey("sys.login.blackIPList");
        if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr()))
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("login.blocked")));
            throw new BlackListException();
        }
    }

    /**
     * 记录登录信息
     *
     * @param userId 用户ID
     */
    public void recordLoginInfo(Long userId)
    {
        SysUser sysUser = new SysUser();
        sysUser.setUserId(userId);
        sysUser.setLoginIp(IpUtils.getIpAddr());
        sysUser.setLoginDate(DateUtils.getNowDate());
        userService.updateUserProfile(sysUser);
    }

    public AjaxResult wxLoginByCode(String jsonCode) {
        AjaxResult ajax;
        log.debug("res {} " , jsonCode);
        JSONObject jsonCodeObject= JSONObject.parseObject(jsonCode);
        JSONObject codeObject = jsonCodeObject.getJSONObject("code");
        log.debug("codeObject {} " , codeObject);
        String code = codeObject.getString("code");
        log.debug("code {} " , code);
        if (StringUtils.isEmpty(code)){
            ajax = AjaxResult.error("获取code失败！");
            return ajax;
        }
        String getTokenUrl = "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=ww7555960e312add1f&corpsecret=UtKhKADmTv0f4nfsEgGTDbSKrZRVo80AhGlar_Hp6nc";
        String tokenRes = HttpUtil.get(getTokenUrl);
        log.debug("tokenRes {} " , tokenRes);
        JSONObject accessToken= JSONObject.parseObject(tokenRes);
        String access_token = accessToken.getString("access_token");
        log.debug("access_token {} " , access_token);
        if (StringUtils.isEmpty(access_token)){
            ajax = AjaxResult.error("获取access_token失败！");
            return ajax;
        }
        String getUserInfoUrl = "https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token="+access_token+"&code="+code;
        String userInfoRes = HttpUtil.get(getUserInfoUrl);
        log.debug("userInfoRes {} " , userInfoRes);
        JSONObject userInfo = JSONObject.parseObject(userInfoRes);
        int errCode  = userInfo.getIntValue("errcode");
        log.debug("errCode {} " , errCode);
        if(0 == errCode){
            String userid = userInfo.getString("userid");
            SysUser user =  userService.selectUserbyAccountId(userid);
            // 用户验证
            Authentication authentication = null;
            String username = user.getUserName();
            String password = user.getPassword();

            try
            {
                UserDetails userDetails=new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
                authentication = new UsernamePasswordAuthenticationToken(userDetails, null,
                        AuthorityUtils.createAuthorityList("ROLE_USER"));
                SecurityContextHolder.getContext().setAuthentication(authentication);
//                UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
//                AuthenticationContextHolder.setContext(authenticationToken);
//                // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
//                authentication = authenticationManager.authenticate(authenticationToken);
            }
            catch (Exception e)
            {
                if (e instanceof BadCredentialsException)
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                    throw new UserPasswordNotMatchException();
                }
                else
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                    throw new ServiceException(e.getMessage());
                }
            }
            finally
            {
                AuthenticationContextHolder.clearContext();
            }
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
            LoginUser loginUser = (LoginUser) authentication.getPrincipal();
            recordLoginInfo(loginUser.getUserId());
            // 生成token
            String token = tokenService.createToken(loginUser);
            ajax = AjaxResult.success();
            ajax.put(Constants.TOKEN, token);
            return ajax;
        }else{
          return AjaxResult.error("该用户不存在！");
        }
    }

    public AjaxResult loginByToken(String appToken) {
        AjaxResult ajax;
        AjaxResult result = trwbService.getLoginUserInfoByAppToken(appToken, LzmxEnum.YJFK_APPCODE.getValue());
        if(result.isSuccess()){
            JSONObject userInfo=  (JSONObject)result.get("data");
            String userName = userInfo.getString("username");
            SysUser user =  userService.selectUserbyAccountId(userName);
//            if(null == user){return AjaxResult.error("用户不存在");}
            if (null == user){// 如果用户不存在新增用户
                user = new SysUser();
                user.setNickName(userInfo.getString("trueName"));
                SysUser sysUser = sysUserMapper.selectUserByUserName(userName);
                if (null == sysUser){user.setUserName(userName);}
                else {user.setUserName(String.valueOf(new Date().getTime()));}
                user.setAccountId(userName);
                user.setDeptId(100L);
                user.setStatus("0");
                user.setPhonenumber(userInfo.getString("phone"));
                user.setPassword(SecurityUtils.encryptPassword(configService.selectConfigByKey("sys.user.initPassword")));
                sysUserMapper.insertUser(user);
            }
            // 用户验证
            Authentication authentication = null;
            String username = user.getUserName();
            try
            {
                UserDetails userDetails=new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
                authentication = new UsernamePasswordAuthenticationToken(userDetails, null,
                        AuthorityUtils.createAuthorityList("ROLE_USER"));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            catch (Exception e)
            {
                if (e instanceof BadCredentialsException)
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                    throw new UserPasswordNotMatchException();
                }
                else
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                    throw new ServiceException(e.getMessage());
                }
            }
            finally
            {
                AuthenticationContextHolder.clearContext();
            }
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
            LoginUser loginUser = (LoginUser) authentication.getPrincipal();
            recordLoginInfo(loginUser.getUserId());
            // 生成token
            String token = tokenService.createToken(loginUser);
            result.put(Constants.TOKEN, token);
            return result;
        }else{
            return result;
        }
    }
}
